import org.argeo.api.cms.CmsAuth;
import org.argeo.api.cms.CmsLog;
import org.argeo.api.cms.CmsSession;
+import org.argeo.cms.http.HttpHeader;
+import org.argeo.cms.http.HttpStatus;
import org.argeo.cms.internal.runtime.CmsContextImpl;
-import org.argeo.util.CurrentSubject;
-import org.argeo.util.http.HttpHeader;
-import org.argeo.util.http.HttpResponseStatus;
+import org.argeo.cms.util.CurrentSubject;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
public final static <T> T doAs(Supplier<T> supplier, RemoteAuthRequest req) {
CmsSession cmsSession = getCmsSession(req);
return CurrentSubject.callAs(cmsSession.getSubject(), () -> supplier.get());
-// ClassLoader currentContextCl = Thread.currentThread().getContextClassLoader();
-// Thread.currentThread().setContextClassLoader(RemoteAuthUtils.class.getClassLoader());
-// try {
-// return Subject.doAs(
-// Subject.getSubject((AccessControlContext) req.getAttribute(AccessControlContext.class.getName())),
-// new PrivilegedAction<T>() {
-//
-// @Override
-// public T run() {
-// return supplier.get();
-// }
-//
-// });
-// } finally {
-// Thread.currentThread().setContextClassLoader(currentContextCl);
-// }
}
-// public final static void configureRequestSecurity(RemoteAuthRequest req) {
-// if (req.getAttribute(AccessControlContext.class.getName()) != null)
-// throw new IllegalStateException("Request already authenticated.");
-// AccessControlContext acc = AccessController.getContext();
-// req.setAttribute(REMOTE_USER, CurrentUser.getUsername());
-// req.setAttribute(AccessControlContext.class.getName(), acc);
-// }
-//
-// public final static void clearRequestSecurity(RemoteAuthRequest req) {
-// if (req.getAttribute(AccessControlContext.class.getName()) == null)
-// throw new IllegalStateException("Cannot clear non-authenticated request.");
-// req.setAttribute(REMOTE_USER, null);
-// req.setAttribute(AccessControlContext.class.getName(), null);
-// }
-
public static CmsSession getCmsSession(RemoteAuthRequest req) {
CmsSession cmsSession = (CmsSession) req.getAttribute(CmsSession.class.getName());
if (cmsSession == null)
.startsWith(HttpHeader.NEGOTIATE)) {
negotiateFailed = true;
} else {
- return HttpResponseStatus.FORBIDDEN.getCode();
+ return HttpStatus.FORBIDDEN.getCode();
}
}
// response.setHeader(HttpUtils.HEADER_WWW_AUTHENTICATE, "basic
// realm=\"" + httpAuthRealm + "\"");
- if (hasAcceptorCredentials() && !forceBasic && !negotiateFailed)// SPNEGO
- remoteAuthResponse.setHeader(HttpHeader.WWW_AUTHENTICATE.getHeaderName(), HttpHeader.NEGOTIATE);
- else
+ if (hasAcceptorCredentials() && !forceBasic && !negotiateFailed) {// SPNEGO
+ remoteAuthResponse.addHeader(HttpHeader.WWW_AUTHENTICATE.getHeaderName(), HttpHeader.NEGOTIATE);
+ // TODO make it configurable ?
+ remoteAuthResponse.addHeader(HttpHeader.WWW_AUTHENTICATE.getHeaderName(),
+ HttpHeader.BASIC + " " + HttpHeader.REALM + "=\"" + realm + "\"");
+ } else {
remoteAuthResponse.setHeader(HttpHeader.WWW_AUTHENTICATE.getHeaderName(),
HttpHeader.BASIC + " " + HttpHeader.REALM + "=\"" + realm + "\"");
+ }
// response.setDateHeader("Date", System.currentTimeMillis());
// response.setDateHeader("Expires", System.currentTimeMillis() + (24 *
// response.setHeader("Keep-Alive", "timeout=5, max=97");
// response.setContentType("text/html; charset=UTF-8");
- return HttpResponseStatus.UNAUTHORIZED.getCode();
+ return HttpStatus.UNAUTHORIZED.getCode();
}
private static boolean hasAcceptorCredentials() {
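Review bot: The second `addHeader` on L67-L68 now advertises a `Basic` challenge next to `Negotiate` whenever acceptor credentials exist, so any client that cannot or prefers not to complete SPNEGO can answer with a cleartext password, which is exactly what the `forceBasic`/`negotiateFailed` gating on L64 used to prevent; the `TODO make it configurable` on L66 acknowledges this but ships the weaker default. Until it is configurable, gate the fallback explicitly, e.g. `if (basicFallbackAllowed) remoteAuthResponse.addHeader(...)`, and only allow it when the request arrived over TLS if `RemoteAuthRequest` exposes that (I cannot see its interface here). The `realm` value is interpolated unescaped into a quoted-string on L68 and L71; that is fine if it is operator configuration, but a `"` in it would corrupt the header, so a comment stating the assumption is worth adding. The enclosing method's signature and the start of the `negotiateFailed` logic are outside this hunk.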